Month: March 2015

I recently had to configure the open-source firewall pfSense to allow VPN access for mobile clients, particularly those using OS X on Macs and iOS on iPhones and iPads.

I haven’t found too many examples out there from people who have set this up successfully, so I thought it might be helpful to share this information for others who are trying to set up a similar VPN configuration.

N.B. This works for pfSense 2.1. In pfSense 2.2 they completely changed the IPSec backend, so things are a little different at the frontend.

pfSense configuration

In System -> User Manager set up a suitable user as needed, and under Effective Privileges add User – VPN – IPsec xauth Dialin for that user.

Then go to VPN -> IPsec and set up the mobile IPsec client configuration as follows.

Pre-Shared Keys

Firewall: Rules

In Firewall -> Rules, go to the IPsec tab and make sure there’s a rule to allow all IPv4 traffic from anywhere to anywhere.

OS X configuration

In System Preferences -> Network, add a new interface of type VPN, with VPN Type Cisco IPSec and a Service Name of your choice.

Server Address is the public IP of your firewall. Account Name is the pfSense user you set up earlier.

In Authentication Settings, Shared Secret is the pre-shared key you created on pfSense earlier, and Group Name is the identifier you created on pfSense earlier.

iOS configuration

In Settings -> VPN, add a new VPN configuration of type IPSec.

Description is up to you. Server is the public IP of your firewall. Account is the pfSense user you set up earlier. Group Name is the identifier you created on pfSense earlier. Secret is the pre-shared key you created on pfSense earlier.
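The same four client values (server, account, group name, shared secret) can also be delivered to Macs and iOS devices as a configuration profile instead of being typed in by hand. The script below is an added example, not part of the original post. It assumes Apple's documented VPN payload keys for the IPSec type, and the function name, the identifiers and the sample values are constructed placeholders.

```python
import plistlib
import uuid


def build_ipsec_profile(server, account, group_name, shared_secret,
                        name="pfSense VPN", org_id="com.example.vpn"):
    """Return .mobileconfig bytes for a Cisco IPSec (XAuth + PSK) VPN."""
    if not all((server, account, group_name, shared_secret)):
        raise ValueError("server, account, group_name, shared_secret required")
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.ipsec",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "UserDefinedName": name,              # "Service Name" / "Description"
        "VPNType": "IPSec",
        "IPSec": {
            "RemoteAddress": server,          # public IP of the firewall
            "AuthenticationMethod": "SharedSecret",
            "LocalIdentifier": group_name,    # "Group Name" = pfSense identifier
            "LocalIdentifierType": "KeyID",
            # Stored as <data>; the profile now contains the pre-shared key,
            # so handle the file like any other credential.
            "SharedSecret": shared_secret.encode("utf-8"),
            "XAuthEnabled": 1,
            "XAuthName": account,             # pfSense user; no XAuthPassword,
        },                                    # so the client prompts for it
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Constructed sample values (203.0.113.0/24 is a documentation range).
    data = build_ipsec_profile("203.0.113.10", "vpnuser",
                               "mobile-group", "replace-with-your-psk")
    with open("pfsense-vpn.mobileconfig", "wb") as fh:
        fh.write(data)
```

The user's password is deliberately left out of the profile, so each device asks for it on first connect.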